SC Media reports that updates have been released by Veeam to remediate 18 significant flaws impacting several of its products, five of which are critical in severity.
Most serious of the patched vulnerabilities are a pair of issues affecting the Veeam Service Provider Console, tracked as CVE-2024-38650 and CVE-2024-39714, which could be exploited to facilitate VSPC server account's NTLM hash and allow arbitrary file uploads, respectively. Veeam also fixed a critical unauthenticated remote code execution bug in Veeam Backup & Replication, tracked as CVE-2024-40711, which could be leveraged to facilitate total system hijacking, with the company refusing to provide technical details due to its potential exploitation in ransomware attacks.
Also addressed by the firm were a pair of critical flaws in Veeam ONE, tracked as CVE-2024-42024 and CVE-2024-42019. More than a dozen high-severity vulnerabilities, including those that are in VSPC, Veeam Backup for Nutanix AHV, Veeam Agent for Linux, and Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization have also been fixed.
